How To Enable SSL Encryption with Database Gateway for DRDA (DG4DRDA) 11.2 (Doc ID 975202.1)

Last updated on MAY 13, 2015

Applies to:

Oracle Database Gateway for DRDA - Version 11.2.0.1 to 12.1.0.1 [Release 11.2 to 12.1]
Information in this document applies to any platform.

Goal

This note describes how to configure SSL encryption between the Oracle DRDA 11.2 gateway and a DB2 database.

The first prerequisite is to have SSL enabled for the DB2 database running on z/OS, IOS or LUW. Please contact IBM support for instructions on enabling SSL encryption for your DB2 database release.
To verify an SSL connection to the DB2 database, the OpenSSL utility (commonly installed by default on Linux/Unix machines, and also available from openssl.org for many other platforms) can be used:
openssl s_client -connect <host of the DB2 database>:<SSL Port> -state -debug -msg
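
The following is an added example, not part of the Oracle note: a shell function that reads the output of the s_client command above and reports whether the port completed an SSL handshake and whether openssl could validate the server certificate against its local CA store. The function name check_s_client, the status words and the abridged sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output read on stdin.
# Live use, with the placeholders from the note:
#   openssl s_client -connect <host>:<SSL Port> </dev/null 2>&1 | check_s_client
check_s_client() {
    awk '
        /^CONNECTED\(/ { connected = 1 }
        # "New, TLSv1.2, Cipher is AES256-SHA"; "(NONE)" means no handshake
        /^New, .*Cipher is / { cipher = $NF }
        /Verify return code:/ {
            sub(/.*Verify return code: */, ""); code = $1; reason = $0
        }
        END {
            if (!connected) { print "NO_CONNECT"; exit 2 }
            # Check the cipher first: a failed handshake can still
            # print "Verify return code: 0 (ok)".
            if (cipher == "" || cipher == "(NONE)") { print "NO_HANDSHAKE"; exit 3 }
            if (code == "0") { print "OK " cipher; exit 0 }
            print "UNTRUSTED " cipher " " reason; exit 1
        }'
}

# Constructed, abridged sample outputs (not captured from a real DB2 server).
sample_self_signed() { cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = db2.example.test
verify error:num=18:self signed certificate
---
New, TLSv1.2, Cipher is AES256-SHA
    Verify return code: 18 (self signed certificate)
EOF
}
sample_plain_port() { cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
EOF
}

for s in sample_self_signed sample_plain_port; do
    printf '%s: ' "$s"; "$s" | check_s_client || true
done
```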

Another prerequisite is to have the 11.2.0.2 (or above) DRDA gateway release. For 11.2.0.1 the SSL libraries are available from My Oracle Support for some platforms as patch 9154914.

Before configuring the gateway for SSL, please configure the DRDA 11.2 gateway without SSL and verify the connection.

Also please decide whether a TRUSTSTORE will be used or not.
By default the gateway uses a PKCS12 truststore to store certificates, but it can also be configured to use the server certificate only.

Solution
